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DETAILED ACTION 

1. As of entry of the amendment filed 11/13/2007, claims 1-19 are pending in this 
application. Upon reconsideration, Applicant's arguments with respect to claims 1-19 
have been considered but are moot in view of the new ground(s) of rejection. 

2. The Examiner indicates that the Applicant requested to withdrawn the Notice of 
Appeal filed 11/12/2007. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraph of 35 U.S.C. § 102 in 
view of the AIPA and H.R. 2215 that forms the basis for the rejections under this section 
made in the attached Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-3, 7, and 10-19 are rejected under 35 U. S. C. § 102 (e) as being 
anticipated by Llewellyn et al. (U.S. pub. No. 2003/0061279 A1). 

Regarding to claim 1, Llewellyn et al. discloses a system enabling individual 

organizations of a plurality of different organizations {i.e., 'many enterprises (companies, 

organizations, foundations, and the like) may rely on a central server to provide access to the Internet for all users 
on a local area network or wide area network served by the enterprise server owned by that company " (0009)) tO 

manage access of their own respective employees (i.e., i The server configuration module m 

may also enable an administrator to set up accounts which may include authentication and configuration data 
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associated with a particular user or organization") (0109)) to at least One remotely located 

application (/.*., "an application 86") (0078)) hosted by an application service provider (i.e., The 

server farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and 
manger access to an application") (0078)), Comprising: 

at an application Service provider (i.e., "The server farm 99 may be an Application Service 

Provider ("ASP") farm 99. An ASP typically deploys, host, and manger access to an application") (0078)) Site, 

at least One database (i.e., "The application profiles 188 may be embodied as a memory mapped 

files rather than files stored on a storage device 16 such as a hard drive 16" (0132) and Examiner asserts that in 
the specification defines t4 the database 138, otherwise called a memory device" (0042), and Llewellyn et al. 
discloses application 479, application profiles and image (user interface) are stored in memory 14 (fig. 8, 14)) 

asset containing data representing a plurality of user interface images (i.e., "A server farm 

99 may be thought of as a group of servers that are linked together as a single system image to provide centralized 
administration and horizontal scaleability" (0077) or "many applications 86 make use of API calls which draw 
simple shapes to display, often, an application 86 will make many such API calls to render an image" (0089)) 

associated with a corresponding plurality of organizations (Fig. 1 5 shows that image "Subscriber 

entry Point 500" associated with "client Module 80a" and "provider Entry Point 502" associated with "Client 
Module 80b " and "The server configuration module 196 may also enable an administrator to set up accounts 
which may include authentication and configuration data associated with a particular user or organization ") 

(0109) and (Figs. 14-15)), and a plurality of executable procedures associated with the 
corresponding plurality of user interface images (i.e., "A server farm 99 may be thought of as a 

group of servers that are linked together as a single system image to provide centralized administration and 

horizontal scaleability" (0077)), an executable procedure supporting a user of a particular 
organization of said plurality of organization (i.e., "companies, organizations" (0009)) in 
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managing access of employees of the particular organization (;.<?:, "The authorization module 

198 may also query a central services module 240 or some other database in order to discover which applications 
a particular user or workstation 94 is allowed to access" (0109) and "allowing user to access data and 
functionality specific to their session with an application 86" (0092) or "An entry point 480a,b may have a user 
interface 482a,b through which a user may control the application and view output Each user interface 482a,b 
may be different and allow access to data 484a,b and methods 484a,b unique to a particular entry point 480a,b. 
For example entry point 480a may have a user interface 482a that allows a user to access data 484a and methods 
486a. Data 484a and methods 486a may be available exclusively to users accessing the application through entry 
point 480a" (0176)) to an application ( "allowing user to access data and functionality specific to their 
session with an application 86" (0092)))) hosted by an application Service provider (i.e., "The server 
farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and manger 
access to an application" (0078), and USed by Said plurality Of Organization (/.*:, "The server 
configuration module 196 may also enable an administrator to set up accounts which may include authentication 
and configuration data associated with a particular user or organization ") (0109))] and 

a Command processor (i.e., "processor 12 for processing software commands 7 '(0069) (Fig. 1)) 
employing the at least One database (i.e., "a data entry application on a workstation that accesses a 

database that is on a server" (0013)) for initiating execution of a particular executable 
procedure organization (/.*, "companies, organizations " (0009)) in response to a command 
initiated at a remote location associated with the particular organization (Fig. 15 shows that 

image "Subscriber entry Point 500" associated with "Workstation 94a" and "provider Entry Point 502" 
associated with "Workstation 94b" and "The server configuration module 196 may also enable an administrator 
to set up accounts which may include authentication and configuration data associated with a particular user or 
organization ") (0109) and "In entry point 480a,b may have a session initiation module 488a, b that allows users to 
connect to an application 479" (0177)) USing a particular User interface image (i.e., "a subscriber 
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entry point 500 may include a display module 510 which may capture screen shots of a subscriber's workstation 

94a" (0181 and fig. 15)) associated with the particular executable procedure and with the 

particular Organization {i.e., "configuration data associated with a particular user or organization" (109)), 

the particular executable procedure supporting the user in managing and granting 

access Of an employee (i.e., "An ASP typically deploys, hosts, and manages access to an application, such 
as an application 86, to multiple users from a centrally managed facility" 0078)) Of the particular 

organization to an application, an authorization processor for authorizing access of the 

USer to a particular USer interface image (i.e., "display module 510 which may capture screen shots of 
a subscriber's workstation 94a " (0181) or "enable one remote user to see and control the screen of a second 
remote user")(0027) or "The authorization module 198 may perform other functions in order to control access to 

services provided by the server module 160" (0109)) without intervention by the application service 

provider (Based on specification defines "without intervention by the application service" as managing their 

accounts, without requiring intervention by or cooperation with another party" (0010) and Llewellyn et al. 
discloses "the entry point management module 148 may allow a user to connect to a particular entry point of an 
application 86. ..allowing user to access data and functionality specific to their session with an 
application "(0092) and Examiner asserts that the client can. access to particular entry point and management 
their functionality and data without intervention with another the client. For particular, example, Fig. 15 shows 
client 80a can access to 500 to manage their functionality and data without intervention by client 80b) and 

excluding access by employees of organizations other than said particular organization 

(i.e., "The server configuration module 196 may also enable an administrator to set up accounts which may 

include authentication and configuration data associated with a particular user or organization " (01 09) and "The 
authorization module 198 may also query a central services module 240 or some other database in order to 
discover which applications a particular user or workstation 94 is allowed to access" (0109) and "allowing user 
to access data and functionality specific to their session with an application 86" (0092) or "An entiy point 480a,b 
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may have a user interface 482a,b through which a user may control the application and view output. Each user 
interface 482a,b may be different and allow access to data 484a,b and methods 484a,b unique to a particular 
entry point 480a,b. For example entry point 480a may have a user interface 482a that allows a user to access data 
484a and methods 486a. Data 484a and methods 486a may be available exclusively to users accessing the 
application through entry point 480a" (01 76). 

Regarding claim 2, Llewellyn et al. discloses wherein said at lest one database 

{i.e., "a data entry application on a workstation that accesses a database that is on a server" (0013)), Said 
Command prOCeSSOr(/. e., "processor 12 for processing software commands' '(0069) (Fig. 1)) , Said 

application and associated application data specific to said particular organization {i.e., 

"The server configuration module 196 may also enable an administrator to set up accounts which may include 
authentication and configuration data associated with a particular user or organization ") (0109)), are located 
at Said application Service provider {i.e., The server farm 99 may be an Application Service Provider 
("ASP") farm 99. An ASP typically deploys, host, and manger access to an application") (0078)) site behind a 
firewall {i.e., "communicate through HTTP handshaking. This may help past fire walls and work with fire walls 

and server farms" (0203)) and accessed through said firewall by users of said plurality of 

Organization {i.e., u The server may be accessed by a one click connection. Such an icon may be on the desktop 

of a user's workstation 78, 90, 94" (0203)) and include an authorization processor for authorizing 
access of the user to the particular user interface image {i.e., "A server farm 99 may be thought 

of as a group of servers that are linked together as a single system image to provide centralized administration and 

horizontal scaieabMty" (0077))and the associated particular executable procedure in response 

to received identification information {i.e., "The server configuration module 1 96 may also enable an 
administrator to set up accounts which may include authentication and configuration data associated with a 
particular user or organization ") (0109)). 
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Regarding claim 3, Llewellyn et al. discloses wherein said particular executable 

procedure and Said particular USer interface (i.e., "image display module 5 10 which may capture 
screen shots of a subscriber's workstation 94a " (0181)) are Specifically associated with Said 
particular Organization "An entry point 480a, b may have a user interface 482a, b through which a user may 
control the application and view output. Each user interface 482a,b may be different and allow access to data 
484a,b and methods 484a,b unique to a particular entry point 480a,b. For example entry point 480a may have a 
user interface 482a that allows a user to access data 484a and methods 486a. Data 484a and methods 486a may be 
available exclusively to users accessing the application through entry point 480a" (0176)) and 

the authorization processor excludes access of the user and employees of the 

particular Organization (i.e., "The server configuration module 196 may also enable an administrator to set 
up accounts which may include authentication and configuration data associated with a particular user or 
organization ") (0109)) to USer interface images (/.&, "A server farm 99 may be thought of as a group of 
servers that are linked together as a single system image to provide centralized administration and horizontal 

scalability" (0077)), and executable procedures and data associated with organizations 

Other than the particular Organization (i.e., "The server configuration module 196 may also enable an 
administrator to set up accounts which may include authentication and configuration data associated with a 
particular user or organization ") (0109)) 

Regarding claim 7, Llewellyn et al. discloses wherein the plurality of executable 
procedures comprises a plurality of sets of executable procedures associated with the 
corresponding plurality of user interface images organization (i.e., "many applications 86 make 

use of API calls which draw simple shapes to display, often, an application 86 will make many such API calls to 
render an image" (0089) or "the methods 486a of a subscriber entry point 500 may include a display module 510 
which may capture screen shots of a subscriber's workstation 94a. The provider entry point 502 may have a viewing 
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module 512 that displays the captured display the screen shots on the provider's workstation 94b. In this manner 
the provider may see whatever the subscriber is seeing on his/her computer screen" (0181) and Examiner asserts 
plurality of user interface ( t( the entry point 500", "entry point 502 ") can be viewed and associated with particular 
origination (workstation 94a, 94b)) and the Command processor employs {i.e., "processor 12 for 
processing software commands" (0069) (Fig. 1)) the at least One database (i.e., "a data entry application 
on a workstation that accesses a database that is on a server" (0013)) for initiating execution Of a 

particular executable procedure in a particular set of executable procedures in response 
to a command initiated using the particular executable procedure in a particular set of 

executable procedures (i.e., "the second memory storing a client module executable by the second 

processor" (claim 4)) in response to a command initiated using the particular user interface 

image (i.e., "The client module 80a may then initiate 562 a session with the subscriber application 479" (0187) 
and Examiner asserts plurality of user interface ( "the entry point 500", "entry point 502") can be viewed and 
associated with particular origination (workstation 94a, 94b)). 

Regarding claim 10, Llewellyn et al. discloses wherein an executable procedure 
enables the user to amend information used in authorizing a particular employee of an 

organization to access (i.e. "an editing module 256 may permit editing by an appropriate authorized 

individual accessing the data records 250") (Oi 18)) the application hosted by the application 

Service provider (i.e., "The server farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP 
typically deploys, host, and manger access to an application" (0078)). 

Regarding claim 11, Llewellyn et al. discloses wherein an authorization 
processor for authorizing access of the employee of the particular organization to the 

particular USer interface image (i.e., "many applications 86 make use of A PI calls which draw simple 
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shapes to display, often, an application 86 will make many such API calls to render an image" (0089) or "the 
methods 486a of a subscriber entry point 500 may include a display module 510 which may capture screen shots of 
a subscriber's workstation 94a. The provider entry point 502 may have a viewing module 512 that displays the 
captured display the screen shots on the provider's workstation 94b. In this manner the provider may see whatever 
the subscriber is seeing on his/her computer screen" (0181) and Examiner asserts plurality of user interface ( "the 
entry point 500", "entry point 502 ") can be viewed and associated with particular origination (workstation 94a, 

94b)) and the associated particular executable procedure in response to received 

employees identification information {i.e., "The server configuration module 196 may also enable an 
administrator to set up accounts which may include authentication and configuration data associated with a 
particular user or organization ") (0109) and "identification data 268, associations 270, and authorizations 272 " 
(0123)) . 

Regarding claim 12, Llewellyn et al. discloses wherein the authorization 
processor uses a combination of an organization specific identifier and received 

employee identification information (i.e., "identification data 268, associations 270, and authorizations 

272" (0123)) in providing an employee access to the application hosted by the application 

Service provider (i.e., The server farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP 
typically deploys, host, and manger access to an application") (0078)) to prevent replication Of USer 

identification information between two employees of different organization^ the 

plurality Of Organizations (i.e., "identification data 268 may include data identifying a user or identifying 
others associated with a user ...authorization data 272 may include data indicating things that a user is authorized 
to do or places that a user is authorized to access" (0124) and "The server configuration module 196 may also 
enable an administrator to set up accounts which may include authentication and configuration data associated 
with a particular user or organization ") (0109) and Examiner asserts that the system "configuration data 
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associated with a particular user or organization" and "prevent unauthorized access to a server" (0110), therefore, 
the system will "prevent replication of user identification information") 

Regarding claim 13, Llewellyn et al. discloses wherein at least one of machine 

Code (i.e., "rewriting of computer code to customize software application" (0026)), a Compiled Computer 

language (i.e., "running on a remote computer are expressly written and compiled to make API calls to an X 
client on the server " (0024)). 

Regarding claim 14, Llewellyn et al. discloses wherein the particular executable 
procedure comprises a template procedure customized by at least one of the user and a 

technician (i.e., "central store of configuration information, profiles, templates, certification information, 
associations, authorizations, and the like" (0072) or "templates 264 may include pre-configured data or data 
structures useful in providing services to users of the invention " (0123)). 

Regarding claim 15, Llewellyn et al. discloses wherein at least one of, the 
command is initiated at a user site via a particular user interface image communicated 

to the User Site (/. e., "many applications 86 make use of API calls which draw simple shapes to display, often, 
an application 86 will make many such API calls to render an image " (0089) or "the methods 486a of a subscriber 
entry point 500 may include a display module 510 which may capture screen shots of a subscriber's workstation 
94a. The provider entry point 502 may have a viewing module 512 that displays the captured display the screen 
shots on the provider's workstation 94b. In this manner the provider may see whatever the subscriber is seeing on 
his/her computer screen" (0181) and Examiner asserts plurality of user interface ( "the entry point 500", "entry 
point 502") can be viewed and associated with particular origination (workstation 94a, 94b)). 

Regarding to claim 16, Llewellyn et al. discloses a system enabling individual 
organizations of a plurality of different organizations (i.e., "many enterprises (companies, 

organizations, foundations, and the like) may rely on a central server to provide access to the Internet for all users 
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on a local area network or wide area network served by the enterprise server owned by that company" (0009)) to 
manage access Of their OWn respective employees (i.e., "The server configuration module 1 96 may 
also enable an administrator to set up accounts which may include authentication and configuration data associated 

with a particular user or organization") (0W9)) to at least one remotely located application (i.e., "an 

application 86") (0078)) hosted by an application Service provider (i.e., The server farm 99 may be an 
Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and manger access to an 

application") (0078)), comprising: 

at an application Service provider (i.e., "The server farm 99 maybe an Application Service 
Provider ("ASP") farm 99. An ASP typically deploys, host, and manger access to an application") (0078)) Site, 

a communicating (fig 2) processor for accessing at least one database (i.e., "The 

application profiles 188 may be embodied as a memory mapped files rather than files stored on a storage device 16 
such as a hard drive 16" (0132) and Examiner asserts that in the specification defines "the database 138, 
otherwise called a memory device" (0042), and Llewellyn et al discloses application 479, application profiles and 
image (user interface) are stored in memory 14 (fig 8, 14)) asset containing data representing a 
plurality Of USer interface images (i.e., "A server farm 99 may be thought of as a group of servers that 
are linked together as a single system image to provide centralized administration and horizontal scaleability" 
(0077) or "many applications 86 make use of API calls which draw simple shapes to display, often, an application 
86 will make many such API calls to render an image" (0089)) associated With a Corresponding 
plurality Of Organizations (Fig. 15 shows that image "Subscriber entry Point 500" associated with "client 
Module 80a " and "provider Entry Point 502 " associated with "Client Module 80b " and "The server configuration 
module 196 may also enable an administrator to set up accounts which may include authentication and 
configuration data associated with a particular user or organization ") (0109) and (Figs. 14-15)), and a 

plurality of executable procedures associated with the corresponding plurality of user 
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interface images (i.e., "A server farm 99 may be thought of as a group of servers that are linked together as 
a single system image to provide centralized administration and horizontal scaleability" (0077)), an 

executable procedure supporting a user of a particular organization of said plurality of 
organization (/.&, "companies, organizations" (0009)) in managing access of employees of the 

particular Organization (i.e., "The authorization module 198 may also query a central services module 240 
or some other database in order to discover which applications a particular user or workstation 94 is allowed to 
access" (0109) and "allowing user to access data and functionality specific to their session with an application 
86" (0092) or "An entry point 480a,b may have a user interface 482a,b through which a user may control the 
application and view output. Each user interface 482a,b may be different and allow access to data 484a,b and 
methods 484a,b unique to a particular entry point 480a,b. For example entry point 480a may have a user interface 
482a that allows a user to access data 484a and methods 486a. Data 484a and methods 486a may be available 
exclusively to users accessing the application through entry point 480a" (0176)) to an application ( "allowing 

user to access data and functionality specific to their session with an application 86" (0092)))) hosted by an 
application Service provider (i.e., "The server farm 99 may be an Application Service Provider ("ASP") 
farm 99. An ASP typically deploys, host, and manger access to an application" (0078), and USed by Said 
plurality Of Organization (i.e., "The server configuration module 196 may also enable an administrator to 
set up accounts which may include authentication and configuration data associated with a particular user or 
organization") (0109))', and 

at least One repository (i.e., "all the data associated with such an object to the application 86 for 

storage or for access by the application 86" (0091)) including data represent an application and 
associated application data (i.e., "with such an object to the application 86 " (0091)) specific to said 

particular Organization (i.e., "configuration data associated with a particular user or organization" (0109) 
or fig. 15)', 
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a Command processor (i.e., "processor 1 2 for processing software commands "(0069) (Fig. 1)) 
employing the at least one database (i. e., "a data entry application on a workstation that accesses a 
database that is on a server" (0013)) for initiating execution of a particular executable 
procedure organization (/.<?., "companies, organizations" (0009)) in response to a command 
initiated at a remote location associated with the particular organization (Fig. 15 shows that 

image "Subscriber entry Point 500" associated with "Workstation 94a" and "provider Entry Point 502" 
associated with "Workstation 94b" and "The server configuration module 196 may also enable an administrator 
to set up accounts which may include authentication and configuration data associated with a particular user or 
organization") (0109)) Using a particular USer interface image (/.*, "a subscriber entry point 500 may 
include a display module 510 which may capture screen shots of a subscriber's workstation 94a " (0181 and fig. 

15)) associated with the particular executable procedure and with the particular 

Organization {i.e., "configuration data associated with a particular user or organization " (109)), the 

particular executable procedure supporting the user in managing and granting access 

Of an employee (i.e., "An ASP typically deploys, hosts, and manages access to an application, such as an 
application 86, to multiple users from a centrally managed facility" 0078)) Of the particular Organization 

to an application, an authorization processor for authorizing access of the user to a 

particular USer interface image (i.e., "display module 5 10 which may capture screen shots of a 
subscriber's workstation 94a " (0181) or "enable one remote user to see and control the screen of a second 
remote user")(0027) or "The authorization module 198 may perform other functions in order to control access to 

services provided by the server module 160" (0109)) without intervention by the application service 

provider (Based on specification defines "without intervention by the application service" as managing their 
accounts, without requiring intervention by or cooperation with another party" (0010) and Llewellyn et al. 
discloses "the entry point management module 148 may allow a user to connect to a particular entry point of an 
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application 86 ...allowing user to access data and functionality specific to their session with an 
application "(0092) and Examiner asserts that the client can access to particular entry point and management 
their functionality and data without intervention with another the client. For particular, example, Fig. 15 shows 
client 80a can access to 500 to manage their functionality and data without intervention by client 80b) and 

excluding access by employees of organizations other than said particular organization 

(i.e., "The server configuration module 196 may also enable an administrator to set up accounts which may 
include authentication and configuration data associated with a particular user or organization " (0109) and "The 
authorization module 198 may also query a central services module 240 or some other database in order to 
discover which applications a particular user or workstation 94 is allowed to access" (0109) and "allowing user 
to access data and functionality specific to their session with an application 86" (0092) or "An entry point 480a f b 
-may have a user interface 482a,b through which a user may control the application and view output. Each user 
interface 482a,b may be different and allow access to data 484a,b and methods 484a,b unique to a particular 
entry point 480a,b. For example entry point 480a may have a user interface 482a that allows a user to access data 
484a and methods 486a. Data 484a and methods 486a may be available exclusively to users accessing the 
application through entry point 480a" (01 76). 

Regarding to claim 17, Llewellyn et al. discloses a system enabling individual 

organizations of a plurality of different organizations {i.e., "many enterprises (companies, 

organizations, foundations, and the like) may rely on a central server to provide access to the Internet for all users 
on a local area network or wide area network served by the enterprise server owned by that company" (0009)) to 

manage access of their own respective employees (i.e., "The server configuration module 196 

may also enable an administrator to set up accounts which may include authentication and configuration data 
associated with a particular user or organization ") (0109)) to at least One remotely located 

application (i.e., "an application 86") (0078)) hosted by an application service provider (i.e., The 
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server farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and 
manger access to an application") (0078)), comprising: 

at an application Service provider (i.e., "The server farm 99 may be an Application Service 

Provider ("ASP") farm 99. An ASP typically deploys, host, and manger access to an application") (0078)) site, 

at least One database {i.e., "The application profiles 188 may be embodied as a memory mapped 

files rather than files stored on a storage device 16 such as a hard drive 16" (0132) and Examiner asserts that in 
the specification defines "the database 138, otherwise called a memory device" (0042), and Llewellyn et al. 
discloses application 479, application profiles and image (user interface) are stored in memory 14 (fig. 8, 14)) 

asset containing data representing a plurality of user interface images (i.e., "A server farm 

99 may be thought of as a group of servers that are linked together as a single system image to provide centralized 
administration and horizontal scaleability" (0077) or "many applications 86 make use of API calls which draw 
simple shapes to display, often, an application 86 will make many such API calls to render an image " (0089)) 

associated with a corresponding plurality of organizations (Fig. 1 5 shows that image "Subscriber 

entry Point 500 " associated with "client Module 80a " and "provider Entry Point 502 " associated with "Client 
Module 80b " and "The server configuration module 196 may also enable an administrator to set up accounts 
which may include authentication and configuration data associated with a particular user or organization ") 

(0109) and (Figs. 14-15)), and a plurality of executable procedures associated with the 
corresponding plurality of user interface images (i.e., "A server farm 99 may be thought of as a 

group of servers that are linked together as a single system image to provide centralized administration and 

horizontal scaleability" (0077)) , an executable procedure supporting a user of a particular 
organization of said plurality of organization (i.e., ' 'companies, organizations" (0009)) in 
managing access of employees of the particular organization (i.e., "The authorization module 

198 may also query a central services module 240 or some other database in order to discover which applications 
a particular user or workstation 94 is allowed to access " (0109) and "allowing user to access data and 
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functionality specific to their session with an application 86" (0092) or "An entry point 480a,b may have a user 
interface 482a,b through which a user may control the application and view output. Each user interface 482a,b 
may be different and allow access to data 484a,b and methods 484a,b unique to a particular entry point 480a,b. 
For example entry point 480a may have a user interface 482a that allows a user to access data 484a and methods 
486a. Data 484a and methods 486a may be available exclusively to users accessing the application through entry 
point 480a" (0176)) to an application ( "allowing user to access data and functionality specific to their 
session with an application 86" (0092)))) hosted by an application Service provider (i.e., "The server 
farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and manger 
access to an application" (0078) , and USed by Said plurality Of Organization (i.e., "The server 
configuration module 196 may also enable an administrator to set up accounts which may include authentication 
and configuration data associated with a particular user or organization ") (0109))', and 

at least One repository (i.e., "all the data associated with such an object to the application 86 for 

storage or for access by the application 86" (0091)) including data represent an application and 
associated application data (i.e., "with such an object to the application 86 "(0091)) specific to said 

particular Organization (i.e., "configuration data associated with a particular user or organization" (0109) 
or fig. 75); 

an authorization processor for authorizing access (i.e., "identification data 268, 
associations 270, and authorizations 272" (0123)) of the user to particular user interface image (i.e., 

"many applications 86 make use of API calls which draw simple shapes to display, often, an application 86 will 
make many such API calls to render an image" (0089) or "the methods 486a of a subscriber entry point 500 may 
include a display module 510 which may capture screen shots of a subscriber's workstation 94a. The provider entry 
point 502 may have a viewing module 512 that displays the captured display the screen shots on the provider's 
workstation 94b. In this manner the provider may see whatever the subscriber is seeing on his/her computer 
screen" (0181) and Examiner asserts plurality of user interface ( "the entry point 500 " "entry point 502 ") can be 
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viewed and associated with particular origination (workstation 94a, 94b)) and an associated particular 

executable procedure associated with the particular organization in response to 

received identification information Of the USer (i.e., " identification data 268, associations 270, and 

authorizations 272" (0123)) and excluding organization access of the user and employees of 
the particular organization to user interface image and executable procedures and data 

associated With the Organization (i.e., "The server configuration module 1 96 may also enable an 
administrator to set up accounts which may include authentication and configuration data associated with a 
particular user or organization ") (0109) and "identification data 268, associations 270, and authorizations 272 " 
(0123)) 

a Command processor (i.e., "processor 1 2 for processing software commands "(0069) (Fig. 1)) 
employing the at least One database (i.e., "a data entry application on a workstation that accesses a 

database that is on a server" (0013)) for initiating execution of a particular executable procedure 
organization (i.e., "companies, organizations" (0009)) in response to a command initiated at a 
remote location associated with the particular organization (Fig. 1 5 shows that image "Subscriber 

entry Point 500" associated with " Workstation 94a " and "provider Entry Point 502 " associated with " Workstation 
94b" and "The server configuration module 196 may also enable an administrator to set up accounts which may 
include authentication and configuration data associated with a particular user or organization ") (0109)) Using 
a particular USer interface image (i.e., "a subscriber entry point 500 may include a display module 510 
which may capture screen shots of a subscriber's workstation 94a " (0181 and fig. 15)) associated with the 

particular executable procedure and with the particular organization (i.e., "configuration data 

associated with a particular user or organization" (109)), the particular executable procedure 

supporting the user in managing and granting access of an employee (i.e., "An asp typically 

deploys, hosts, and manages access to an application, such as an application 86, to multiple users from a centrally 
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managed facility" 0078)) of the particular organization to an application, an authorization 
processor for authorizing access of the user to a particular user interface image {i.e., 

"display module 510 which may capture screen shots of a subscriber's workstation 94a " (0181) or "enable one 
remote user to see and control the screen of a second remote user') (0027) or "The authorization module 198 may 
perform other functions in order to control access to services provided by the server module 160 " (0109) ) 

without intervention by the application service provider {Based on specification defines "without 

intervention by the application service" as managing their accounts, without requiring intervention by or 
cooperation with another party" (0010) and Llewellyn et al. discloses "the entry point management module 148 
may allow a user to connect to a particular entry point of an application 86... allowing user to access data and 
functionality specific to their session with an application" (0092) and Examiner asserts that the client can access 
to particular entry point and management their functionality and data without intervention with another the client. 
For particular, example, Fig. 15 shows client 80a can access to 500 to manage their functionality and data without 

intervention by client 80b) and excluding access by employees of organizations other than 

Said particular Organization {i.e., "The server configuration module 1 96 may also enable an administrator 
to set up accounts which may include authentication and configuration data associated with a particular user or 
organization " (0109) and "The authorization module 198 may also query a central services module 240 or some 
other database in order to discover which applications a particular user or workstation 94 is allowed to access " 
(0109) and "allowing user to access data and functionality specific to their session with an application 86" (0092) 
or "An entry point 480a,b may have a user interface 482a,b through which a user may control the application and 
view output. Each user interface 482a,b may be different and allow access to data 484a,b and methods 484a, b 
unique to a particular entry point 480a, b. For example entry point 480a may have a user interface 482a that allows 
a user to access data 484a and methods 486a. Data 484a and methods 486a may be available exclusively to users 
accessing the application through entry point 480a" (01 76). 

Regarding to claim 18, Llewellyn et al. discloses a system the authorization 
processor authorizes access of the user in response to a command initiated {i.e., "in entry 



Application/Control Number: Page 19 

10/758,984 

Art Unit: 2163 

point 480a,b may have a session initiation module 488a,b that allows users to connect to an application 479" 
(0177)) USing the particular USer interface image {Fig. 15 shows that image "Subscriber entry Point 
500" associated with "Workstation 94a" and "provider Entry Point 502" associated with 'Workstation 94b" and , 
"The server configuration module 196 may also enable an administrator to set up accounts which may include 
authentication and configuration data associated with a particular user or organization") (0109) and "the provider 
entry point 502 may have a viewing module 512 that displays the captured display the screen shots on the 
provider's workstation 94b" (0181)). 

Regarding to claim 19, Llewellyn et al. discloses a system enabling individual 
organizations of a plurality of different organizations (/.*, "many enterprises (companies, 

organizations, foundations, and the like) may rely on a central server to provide access to the Internet for all users 
on a local area network or wide area network served by the enterprise server owned by that company" (0009)) to 

manage access of their own respective employees (i.e., "The server configuration module m 

may also enable an administrator to set up accounts which may include authentication and configuration data 
associated with a particular user or organization ") (0109)) to at least One remotely located 

application (i.e., "an application 86") (0078)) hosted by an application service provider (i.e.. The 

server farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and 
manger access to an application") (0078)), Comprising: 

at an application service provider site and accessed via a firewall (i.e., "communicate 

through HTTP handshaking. This may help past fire walls and work with fire walls and server farms " (0203)) 

at an application service provider (i.e., "The server farm 99 may be an Application Service 
Provider ("ASP") farm 99. An ASP typically deploys, host, and manger access to an application ") (0078)) Site, 

at least One database (i.e., "The application profiles 188 may be embodied as a memory mapped 
files rather than files stored on a storage device 16 such as a hard drive 16" (0132) and Examiner asserts that in 
the specification defines "the database 138, otherwise called a memory device" (0042), and Llewellyn et al. 
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discloses application 479, application profiles and image (user interface) are stored in memory 14 (fig. 8, 14)) 

asset containing data representing a plurality of user interface images (i .e., " A server farm 

99 may be thought of as a group of servers that are linked together as a single system image to provide centralized 
administration and horizontal scaleability" (0077) or "many applications 86 make use of API calls which draw 
simple shapes to display, often, an application 86 will make many such API calls to render an image " (0089)) 

associated with a corresponding plurality of organizations (Fig. / 5 shows that image "Subscriber 

entry Point 500 " associated with "client Module 80a " and "provider Entry Point 502 " associated with "Client 
Module 80b" and "The server configuration module 196 may also enable an administrator to set up accounts 
which may include authentication and configuration data associated with a particular user or organization ") 

(0109) and (Figs. 14-15)), and a plurality of executable procedures associated with the 
corresponding plurality of user interface images (/.*., "A server farm 99 may be thought of as a 

group of servers that are linked together as a single system image to provide centralized administration and 

horizontal scaleability" (0077)), an executable procedure supporting a user of a particular 
organization of said plurality of organization (i.e., "companies, organizations" (0009)) in 
managing access of employees of the particular organization (i.e., "The authorization module 

198 may also query a central services module 240 or some other database in order to discover which applications 
a particular user or workstation 94 is allowed to access" (0109) and "allowing user to access data and 
functionality specific to their session with an application 86" (0092) or "An entry point 480a,b may have a user 
interface 482a,b through which a user may control the application and view output. Each user interface 482a, b 
may be different and allow access to data 484a, b and methods 484a,b unique to a particular entry point 480a,b. 
For example entry point 480a may have a user interface 482a that allows a user to access data 484a and methods 
486a. Data 484a and methods 486a may be available exclusively to users accessing the application through entry 
point 480a" (0176)) to an application ( "allowing user to access data and functionality specific to their 
session with an application 86" (0092)))) hOSted by an application Service provider (i.e., "The server 
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farm 99 may be an Application Service Provider ("ASP") farm 99. An ASP typically deploys, host, and manger 
access to an application" (0078), and USed by Said plurality Of Organization (i.e., "The server 
configuration module 196 may also enable an administrator to set up accounts which may include authentication 
and configuration data associated with a particular user or organization ") (0109))] and 

3 Command processor (i.e., "processor 1 2 for processing software commands "(0069) (Fig. 1)) 
employing the at least One database (i.e., "a data entry application on a workstation that accesses a 

database that is on a server" (0013)) for initiating execution of a particular executable 
procedure organization (i.e., "companies, organizations" (0009)) in response to a command 
initiated at a remote location associated with the particular organization (Fig. is shows that 

image "Subscriber entry Point 500" associated with "Workstation 94a" and "provider Entry Point 502" 
associated with "Workstation 94b" and "The server configuration module 196 may also enable an administrator 
to set up accounts which may include authentication and configuration data associated with a particular user or 
organization ") (0109) and "In entry point 480a, b may have a session initiation module 488a, b that allows users to 
connect to an application 479" (0177)) Using a particular USer interface image (i.e., "a subscriber 
entry point 500 may include a display module 510 which may capture screen shots of a subscriber's workstation 

94a" (0181 and fig. 15)) associated with the particular executable procedure and with the 

particular Organization (i.e., "configuration data associated with a particular user or organization" (109)), 

the particular executable procedure supporting the user in managing and granting 

access Of an employee (i.e., "An ASP typically deploys, hosts, and manages access to an application, such 
as an application 86, to multiple users from a centrally managed facility" 0078) ) Of the particular 

organization to an application, an authorization processor for authorizing access of the 

USer to a particular USer interface image (i.e., "display module 510 which may capture screen shots of 
a subscriber's workstation 94a " (0181) or "enable one remote user to see and control the screen of a second 
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remote user")(0027) or 'The authorization module 198 may perform other functions in order to control access to 
services provided by the server module 160" (0109)) without intervention by the application service 

provider {Based on specification defines "without intervention by the application service" as managing their 

accounts, without requiring intervention by or cooperation with another party" (0010) and Llewellyn et al. 
discloses "the entry point management module 148 may allow a user to connect to a particular entry point of an 
application 86... allowing user to access data and functionality specific to their session with an 
application "(0092) and Examiner asserts that the client can access to particular entry point and management 
their functionality and data without intervention with another the client. For particular, example, Fig. 15 shows 
client 80a can access to 500 to manage their functionality and data without intervention by client 80b) and 

excluding access by employees of organizations other than said particular organization 

(i.e., "The server configuration module 196 may also enable an administrator to set up accounts which may 
include authentication and configuration data associated with a particular user or organization " (0109) and "The 
authorization module 198 may also query a central services module 240 or some other database in order to 
discover which applications a particular user or workstation 94 is allowed to access " (0109) and "allowing user 
to access data and functionality specific to their session with an application 86" (0092) or "An entry point 480a,b 
may have a user interface 482a,b through which a user may control the application and view output. Each user 
interface 482a,b may be different and allow access to data 484a,b and methods 484a,b unique to a particular 
entry point 480a,b. For example entry point 480a may have a user interface 482a that allows a user to access data 
484a and methods 486a. Data 484a and methods 486a may be available exclusively to users accessing the 
application through entry point 480a" (0176), 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 4-6, and 8-9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Llewellyn et al. (U.S. pub. No. 2003/0061279 A1) in view of Gavrila et al. (U.S. 
Pub. No. 2002/0026592 A1). 

With respect to claim 4, Llewellyn et al. discloses wherein the authorization 
processor excludes access to the user and employees of the particular organization to 
data associated with organization other than the particular organization {i.e., "The server 

configuration module 196 may also enable an administrator to set up accounts which may include authentication 
and configuration data associated with a particular user or organization ") (0109)) but Llewellyn et al. 

does not discloses removing permission of the user and employees of the particular 
organization to access the data associated with the other organizations from a directory 
of permissions used to control data access. However, Gavrila et al. discloses wherein 
removing permission of the user and employees of the particular organization to access 
the data associated with the other organizations (/.<?., "among users and roles of different 
organizations" (oow)) from a directory of permissions used to control data access (i.e., 

"automatically removing the role from the access control lists of all abstract objects accessible to that role; 
automatically deleting the association between the role and all abstract objects accessible to that role; 
automatically recalculating permissions and granting permissions to the instance of each first encountered role 
instantiated on a host computer or set of host computers " (0032) ) . It WOUld have been ObviOUS at the 

time the invention was made to a person having ordinary skill in the art to modify 
Llewellyn et al.'s system by adding the function to remove the permission of the user 
and employees of the particular organization to access the data in order to have to 
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associate object based upon a permitted accessibility thereby, minimizing redundant 
storage while maximizing security the system for the stated purpose has been well 
known in the art as evidenced by teaching of Gavrilla et al. {0018-0019). 

With respect to claim 5, Gavrila et al. discloses wherein a Microsoft compatible 

Active Control List (ACL) (i.e., "The preferred embodiment stores that permission using the usual 
mechanism ofACLs (Access Control Lists). " (0112)) (the motivation is the same as Claim 4). 

With respect to claim 6, Gavrila et al. discloses wherein the authorization 
processor removes the permission of the user and employees of the particular 
organization in responses to addition of the particular organization as a new 

Organization to the plurality Of Organizations (i.e., Adding a new permission-inheritance arc to the 

directed acyclic graph, automatically removing the role from the access control lists of all abstract objects 
accessible to that role" (0032) and Examiner asserts that "responses to addition of particular" is equivalent with 

automatically removing the role. ..when adding a new permission) (the motivation is the Same as Claim 

4). 

Regarding claim 8, Gavrila et al. discloses wherein an executable procedure 
enables the user to at least one of add an employee and remove an employee, of an 
organization as a user entitled to access the application hosted by the application 

Service provider (i.e. 'adding the member of the first role instance to the instance of the second role and to all 

instance of the roles that inherit the membership of the second role" (0197) and Examiner asserts that "adding the 
member of the first role to the instance the second role " and therefore, the numbers (employees or users) of second 

role are added.) (The motivation is the same as claim 4). 

Regarding claim 9, Gavrila et al. discloses wherein the executable procedure 
changes authorization information associated with add or remove employee (i.e. "adding 
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the member of the first role instance to the instance of the second role and to all instance of the roles that inherit the 

membership of the second role'' (0197)) (the motivation is the same as claim 4). 

Response to Arguments 

5. Applicant's arguments about the amendment claim filed 1 1/13/2007, with respect 
to the rejection(s) of claim(s) 1-19 under Thompson have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Llewellyn et al. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Hung T. Vy whose telephone number is 571-2721954. 
The examiner can normally be reached on 8.30am - 5.30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Don Wong can be reached on 571 272 1834. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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